Let say that I have a controller that can handle an upload from a request using ajax.
I have a form which is displayed by the create action. And since only actions are accessible from a form, I have an action that handle the upload (called upload).
So when the user use the form, everything is fine. But let say that I don’t want the user to call the upload action directly, how can I do that ?
I don’t want the user to write the upload address in his url bar. but I still want the upload action to be accessible from the form. Is is possible ?
The only solution I have found (in my case), is to check if a file is in the post otherwise I throw a 403 …